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DETAILED ACTION 

1. Claims 1-25 are pending 

Response to Arguments 

Applicant's arguments have been fully considered and are persuasive. 
Therefore, the rejection has been withdrawn. A new rejection follows. 



Claim Rejections - 35 USC §112 

2. 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-15 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claim 1 , claims "blocking access to the database for downloading the file." It is 
unclear whether the blocking starts once the file has been downloaded or after the time 
limit has elapsed. 

Claims 2-15 are dependent on Claim 1 and are rejected for the same rationale. 



Claim Rejections - 35 USC § 102 
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3. 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-4 and 14 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Baltes (US 2003/0103615). 

Regarding Claims 1-3, 

Baltes teaches a method for securely downloading files to a managed device, the 
method comprising the steps of: 

selecting a managed device for interfacing with networks or devices over the 
Internet; ("To access the Internet, customer premises network equipment (CPNE) such as 
broadband modems, routers, and modem-router combination products require being setup" 
Paragraph [0002]) 

assigning a unique identification number to the device; 

creating a file for the managed device on a database, wherein the file can be 
downloaded over the Internet to the managed device; ("a method in which a central 
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server may be contacted when configuration information is needed for a broadband 
communication device. This contact may be initiated via a dial-up modem." Abstract). The 
Examiner interprets that the file has inherently been created. 

creating an access verification program for downloading the file, wherein the 
access verification program permits a user of the managed device at a remote location 
. to access the file over the Internet by entering the unique identification number, and 
wherein the access verification program permits the user to download the file over the 
Internet for a period of time; receiving an identification number by from the user; 
verifying that the identification number received from the user is the same as the 
unique identification number; ("The central server then determines who the customer is 
through an identification of the source of the communication... The central server is able to 
access a number of databases that contain configuration information for the customer. " 
Paragraph [0019] lines f-3, Paragraph [0020] lines 1-3) 

permitting access to the database by the user for downloading the file for a 
period of time; downloading the file from the database to the managed device; 
and blocking access to the database for downloading the file. ("The central server 
downloads the configuration information from the database. Then, it transfers the configuration 
information over the dialup communication link. Once the configuration information is at the 
broadband communication device, the broadband communication device may use the 
information to configure itself." Paragraph [0021]) 

The Examiner notes that all routers inherently are assigned identification 
numbers/serial numbers. The Examiner also notes that access to the database for 
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downloading the file is inherently blocked eventually after the file has been 
downloaded. 

Regarding Claim 2, the Examiner interprets configuration information as 
configuration file. Regarding Claim 3, a router is included in the list of devices. 



Regarding Claim 4, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1, wherein the unique identification number is the serial number of 
the managed device. ("Furthermore, a broadband communication device serial number may 
be provided to the central server. " Paragraph [0019]) 

Regarding Claim 14, 

Baltes teaches the method of Claim 1 / where the access to the database for 
downloading the file is inherently blocked after the file has been downloaded. The 
Examiner interprets blocking access to the database as terminating the link between 
the database and the router. 
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Claim Rejections - 35 USC § 103 

4. 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 
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Claims 6-8 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Baltes in view of Bertino's paper "A Temporal Authorization Model" (1994). 

Regarding Claims 6 and 15, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1. 

However Baltes does not teach that the period of time is predetermined. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 

Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 
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The motivation is the right to download is a well-known right in Access Control 
models. 



Regarding Claim 7, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1. 

However Baltes does not teach that the period of time is less than 4 hours. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 



Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 

The motivation is the right to download is a well-known right in Access Control 
models. 

Baltes and Bertino also do not explicitly teach where the time limit is less than 
four hours. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to limit the time interval of Bertino to less than hour hours. 

The motivation for the time period to be less than 4 hours is acclimate users 
requirement. 

Regarding Claim 8, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1 . 

However Baltes does not teach that the period of time is less than 1 hour. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 
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It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 

Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 

The motivation is the right to download is a well-known right in Access Control 
models. 

Baltes and Bertino also do not explicitly teach where the time limit is less than 
one hour. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to limit the time interval of Bertino to less than hour hours. 
The motivation for the time period to be less than 1 hour is acclimate users 
requirement. 

Claims 5, 9-13, 16-17, 21-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Baltes in view of Mehler (US 2002/0179709) 
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Regarding Claims 5, 9-13 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1. Particularly Baltes teaches a "serial number may be provided to 
the central server" Paragraph [0019]. 

However Baltes does not teach further comprising selecting a portable device for 
reading the unique identification number, where the device may be a bar code scanner. 
Additionally Baltes does not teach a password being entered into the portable device. 
Finally Baltes does not teach the combination of the password and ID to be 
downloaded from the portable device to the database. 

Mehler teaches a method of "(a) receiving at least one authorized user password 
associated with a transaction code; (b) receiving at least one single-use code carrier 
bearing a transaction code... printed thereon in an optically readable digital code (c) 
presenting the code carrier and the password for verification in order to receive 
authorization" (Paragraph [0028]). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the method of Baltes with the teachings of Mehler. 
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The motivation to combine is for "securely carrying out a. ..transaction. (Paragraph 
[0028])" 

The Examiner interprets that the step of presenting the code carrier and the password 
for verification as downloading the ID number and password from the portable device 
to the database. The Examiner interprets that if a password is received it must 
inherently first been assigned. 



Regarding Claims 16-17 and 21-24 

Baltes teaches all the limitations of Claim 16 (See Regarding Claim 1) including the 
use of a serial number (See Regarding Claim 4), with the exception of assigning a 
unique password to the router, receiving a. password from the user, and verifying the 
password received by the user. Baltes teaches all the limitations of Claim 21-23 
except for the ID and password being read by a barcode scanner which is then 
downloaded to the router to the database. 

Mehler teaches a method of "(a) receiving at least one authorized user password 
associated with a transaction code; (b) receiving at least one single-use code carrier 
bearing a transaction code... printed thereon in an optically readable digital code (c) 
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presenting the code carrier and the password for verification in order to receive 
authorization... (d) receiving verification of a match between the transaction code and 
the transaction account and verification of the password" (Paragraph [0028]). The 
Examiner interprets that the password has inherently been assigned to the router. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the method of Baltes with the teachings of Mehler. 

The motivation to add an additional password is for additional security. The motivation 
to use a barcode scanner and download the ID and password to the database is to 
provide a way to read provide verification. 

Concerning Claim 24, the access to the database is inherently terminated after the file 
is downloaded. 

Claims 18-20 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Baltes in view of Mehler as applied to claim 16 above, and further in view of 
Bertino. 

Regarding Claims 18-20 and 25 
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All the limitations of Claim 18-20 and 25 are anticipated in the rejection of claim 
16, except that the period of time is predetermined. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 

Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 

The motivation is the right to download is a well-known right in Access Control 
models. 

It is inherent that downloading will be blocked if there is a time limit for downloading. 

Conclusion 



5. 



Application/Control Number: 10/743,252 



Page 1 5 



Art Unit: 2139 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harris C. Wang whose telephone number is 
5712701462. The examiner can normally be reached on M-F 8-5:30, Alternate Fridays 
Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, AYAZ R. SHEIKH can be reached on (571)272-3795. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for - 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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